diff options
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/servconf.c b/servconf.c index 795ddbab7..14c81fa92 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions *options) | |||
113 | options->kerberos_ticket_cleanup = -1; | 113 | options->kerberos_ticket_cleanup = -1; |
114 | options->kerberos_get_afs_token = -1; | 114 | options->kerberos_get_afs_token = -1; |
115 | options->gss_authentication=-1; | 115 | options->gss_authentication=-1; |
116 | options->gss_keyex = -1; | ||
116 | options->gss_cleanup_creds = -1; | 117 | options->gss_cleanup_creds = -1; |
117 | options->gss_strict_acceptor = -1; | 118 | options->gss_strict_acceptor = -1; |
119 | options->gss_store_rekey = -1; | ||
118 | options->password_authentication = -1; | 120 | options->password_authentication = -1; |
119 | options->kbd_interactive_authentication = -1; | 121 | options->kbd_interactive_authentication = -1; |
120 | options->challenge_response_authentication = -1; | 122 | options->challenge_response_authentication = -1; |
@@ -267,10 +269,14 @@ fill_default_server_options(ServerOptions *options) | |||
267 | options->kerberos_get_afs_token = 0; | 269 | options->kerberos_get_afs_token = 0; |
268 | if (options->gss_authentication == -1) | 270 | if (options->gss_authentication == -1) |
269 | options->gss_authentication = 0; | 271 | options->gss_authentication = 0; |
272 | if (options->gss_keyex == -1) | ||
273 | options->gss_keyex = 0; | ||
270 | if (options->gss_cleanup_creds == -1) | 274 | if (options->gss_cleanup_creds == -1) |
271 | options->gss_cleanup_creds = 1; | 275 | options->gss_cleanup_creds = 1; |
272 | if (options->gss_strict_acceptor == -1) | 276 | if (options->gss_strict_acceptor == -1) |
273 | options->gss_strict_acceptor = 0; | 277 | options->gss_strict_acceptor = 1; |
278 | if (options->gss_store_rekey == -1) | ||
279 | options->gss_store_rekey = 0; | ||
274 | if (options->password_authentication == -1) | 280 | if (options->password_authentication == -1) |
275 | options->password_authentication = 1; | 281 | options->password_authentication = 1; |
276 | if (options->kbd_interactive_authentication == -1) | 282 | if (options->kbd_interactive_authentication == -1) |
@@ -407,6 +413,7 @@ typedef enum { | |||
407 | sHostKeyAlgorithms, | 413 | sHostKeyAlgorithms, |
408 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 414 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
409 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 415 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
416 | sGssKeyEx, sGssStoreRekey, | ||
410 | sAcceptEnv, sPermitTunnel, | 417 | sAcceptEnv, sPermitTunnel, |
411 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 418 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
412 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 419 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
@@ -480,12 +487,20 @@ static struct { | |||
480 | #ifdef GSSAPI | 487 | #ifdef GSSAPI |
481 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 488 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
482 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 489 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
490 | { "gssapicleanupcreds", sGssCleanupCreds, SSHCFG_GLOBAL }, | ||
483 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, | 491 | { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, |
492 | { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, | ||
493 | { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, | ||
484 | #else | 494 | #else |
485 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, | 495 | { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, |
486 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, | 496 | { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, |
497 | { "gssapicleanupcreds", sUnsupported, SSHCFG_GLOBAL }, | ||
487 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, | 498 | { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, |
499 | { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, | ||
500 | { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, | ||
488 | #endif | 501 | #endif |
502 | { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, | ||
503 | { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, | ||
489 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 504 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
490 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 505 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
491 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 506 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
@@ -1207,6 +1222,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1207 | intptr = &options->gss_authentication; | 1222 | intptr = &options->gss_authentication; |
1208 | goto parse_flag; | 1223 | goto parse_flag; |
1209 | 1224 | ||
1225 | case sGssKeyEx: | ||
1226 | intptr = &options->gss_keyex; | ||
1227 | goto parse_flag; | ||
1228 | |||
1210 | case sGssCleanupCreds: | 1229 | case sGssCleanupCreds: |
1211 | intptr = &options->gss_cleanup_creds; | 1230 | intptr = &options->gss_cleanup_creds; |
1212 | goto parse_flag; | 1231 | goto parse_flag; |
@@ -1215,6 +1234,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1215 | intptr = &options->gss_strict_acceptor; | 1234 | intptr = &options->gss_strict_acceptor; |
1216 | goto parse_flag; | 1235 | goto parse_flag; |
1217 | 1236 | ||
1237 | case sGssStoreRekey: | ||
1238 | intptr = &options->gss_store_rekey; | ||
1239 | goto parse_flag; | ||
1240 | |||
1218 | case sPasswordAuthentication: | 1241 | case sPasswordAuthentication: |
1219 | intptr = &options->password_authentication; | 1242 | intptr = &options->password_authentication; |
1220 | goto parse_flag; | 1243 | goto parse_flag; |
@@ -2248,7 +2271,10 @@ dump_config(ServerOptions *o) | |||
2248 | #endif | 2271 | #endif |
2249 | #ifdef GSSAPI | 2272 | #ifdef GSSAPI |
2250 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2273 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
2274 | dump_cfg_fmtint(sGssKeyEx, o->gss_keyex); | ||
2251 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 2275 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
2276 | dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | ||
2277 | dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | ||
2252 | #endif | 2278 | #endif |
2253 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 2279 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
2254 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 2280 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |